Since cgroups are not namespace aware, the directory heirarchy used by
ip vrf should account for network namespaces. In this case, change the
path from CGRP/BASE/vrf/NAME to CGRP/BASE/NETNS/vrf/NAME where CGRP is
the cgroup2 mount path, BASE in any base heirarchy inherited before VRF
is applied and NAME is the VRF name.
The intent is as follows: a user logs into the box into some namespace
with a name known to iproute2. Some other policy may have put the
process into a BASE heirarchy. From there the user executes a task in
a VRF and in doing so the task heirarchy becomes CGRP/BASE/NETNS/vrf/NAME.
The namespace level is omitted for the default namespace.
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Move guts of netns_identify into a standalone function that returns
the netns name in a given buffer.
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Add support for VRF in a pre-existing hierarchy. For example, if the
current process is running in CGRP/foo/bar, the 'ip vrf exec NAME CMD'
should run CMD in the cgroup CGRP/foo/bar/vrf/NAME.
When listing process ids in a VRF, search for the directory vrf/NAME
regardless of base path (foo/bar/vrf/NAME and vrf/NAME) are still
running against the same vrf NAME.
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Extend ICMP code and type match to support masks.
Also add missing documentation to synopsis in manpage.
tc qdisc add dev eth0 ingress
tc filter add dev eth0 protocol ipv6 parent ffff: flower \
indev eth0 ip_proto icmpv6 type 128/240 code 0 action drop
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Provide generic masked u8 print helper and use it to print arp operations.
Also:
* Make name parameter of arp op print helper const.
* Consistently use __u8 rather than uint8_t, in keeping with the
pervasive style in the file.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Provide generic masked u8 paser helper and use it to parse arp operations.
Also consistently use __u8 rather than uint8_t, in keeping with the
pervasive style in the file.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Print the skip flags when we dump a filter.
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Acked by: Yotam Gigi <yotamg@mellanox.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
iproute2 can inconsistently show the name of protocol 0 if a route with
a custom protocol is added. For example:
dsa@cartman:~$ ip -6 ro ls table all | egrep 'proto none|proto unspec'
local ::1 dev lo table local proto none metric 0 pref medium
local fe80::225:90ff:fecb:1c18 dev lo table local proto none metric 0 pref medium
local fe80::92e2:baff:fe5c:da5d dev lo table local proto none metric 0 pref medium
protocol 0 is pretty printed as "none". Add a route with a custom protocol:
dsa@cartman:~$ sudo ip -6 ro add 2001:db8:200::1/128 dev eth0 proto 123
And now display has switched from "none" to "unspec":
dsa@cartman:~$ ip -6 ro ls table all | egrep 'proto none|proto unspec'
local ::1 dev lo table local proto unspec metric 0 pref medium
local fe80::225:90ff:fecb:1c18 dev lo table local proto unspec metric 0 pref medium
local fe80::92e2:baff:fe5c:da5d dev lo table local proto unspec metric 0 pref medium
The rt_protos file has the id to name mapping as "unspec" while
rtnl_rtprot_tab[0] has "none". The presence of a custom protocol id
triggers reading the rt_protos file and overwriting the string in
rtnl_rtprot_tab. All of this is logic from 2004 and earlier.
Update rtnl_rtprot_tab to "unspec" to match the enum value.
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
At least in Fedora there is no /proc/config.gz but instead
/lib/modules/`uname -r`/config, so use that as a fallback.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Since netlink messages are in host byte order, shipping a pre-generated
nlmsg blob won't suffice on systems with different endianness. Therefore
generate the blob at runtime, so it's content fits the hosts endianness.
Note that the generated message will contain only a single interface
featuring two VFs instead of the full list before. Yet this is
sufficient, as it triggers the crash with iproute versions prior to
commit 8c29ae7cc2 ("ip link: Fix crash on older kernels when show VF
dev").
Signed-off-by: Phil Sutter <phil@nwl.cc>
Unlike other PREFIXes documented in the usage for tc flower, which accept
both IPv4 and IPv6 prefixes, arp_sip and arp_tip only accepts IPv4
prefixes.
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Use enum flower_icmp_field rather than bool as type of third parameter
when calling flower_icmp_attr_type.
Fixes: eb3b5696f1 ("tc: flower: support matching on ICMP type and code")
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Previously, the autocomplete routine did not complete actions after a
filter keyword, for example:
$ tc filter add dev eth0 u32 [...] action <TAB>
did not suggest the actions list, and:
$ tc filter add dev eth0 u32 [...] action mirred <TAB>
did not suggest the specific mirred parameters. Add the support for this
kind of completion by adding the _tc_filter_action_options routine and
invoking it from inside _tc_filter_options.
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
The QDISC_KIND, FILTER_KIND, ACTION_KIND variables may be used by other
routines, thus make them global variables.
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
The action autocomplete routine (_tc_action_options) currently does not
support several actions statements in one tc command line as it uses the
_tc_once_attr and _tc_one_from_list.
For example, in that case:
$ tc filter add dev eth0 handle ffff: u32 [...] \
action sample group 5 rate 12 \
action sample <TAB>
the _tc_once_attr function, when invoked with "group rate" will not
suggest those as they already exist on the command line.
Fix the function to use the _from variant, thus allowing each action
autocomplete start from the action keyword, and not from the beginning of
the command line.
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
The _tc_one_of_list and _tc_once_attr functions simplfy the bash
completion task by validating each attr exist only once on the command
line.
For example, for the command line:
$ a b c d e
and the call to _tc_once_attr with "a f g", the function will suggest
"f g" as "a" existed in the command line in args 0.
Add the _from variant to those functions, which allows having the command
line option once from a specified index. In the previous example, calling
_tc_once_attr with 4 and "a f g" will suggest "a f g".
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
Add an example of packet sampling to the tc-matchall man page examples
section. The example uses the matchall classifier and the sample action to
create packet sampling on a port.
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
In addition to general information about the tc action, the man entry
contains common usage examples and information about the tlv fields packed
within each sampled packet.
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
The sample tc action allows sampling packets matching a classifier. It
peeks randomly packets, and samples them using the psample netlink
channel. The user can specify the psample group, which the packet will be
sampled to, the sampling rate and the packet truncation (to save
kernel-user traffic).
The sampled packets contain informative metadata, for example, the input
interface and the original packet length.
The action syntax:
tc filter add [...] \
action sample rate <RATE> group <GROUP> [trunc <SIZE>]
[...]
Where:
RATE := The sampling rate which is the ratio of packets observed at the
data source to the samples generated
GROUP := the psample module sampling group
SIZE := optional truncation size
An example for a common usecase of the sample tc action: to sample ingress
traffic from interface eth1, one may use the commands:
tc qdisc add dev eth1 handle ffff: ingress
tc filter add dev eth1 parent ffff: \
matchall action sample rate 12 group 4
Where the first command adds an ingress qdisc and the second starts
sampling randomly with an average of one sampled packet per 12 packets
on dev eth1 to psample group 4.
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
Descriptions of each route sub-command's arguments are enclosed in
.RS/.RE pairs. For 'replace' sub-command, '.RE' was incorrectly put
before the last argument ('expires').
Fixes: 3fbe7ca847 ("iproute2: ip-route.8.in: Add expires option for ip route")
Signed-off-by: Phil Sutter <phil@nwl.cc>
tcpi_rcv_mss and tcpi_advmss tcp info fields were not yet reported
by ss.
While adding GRO support to packetdrill, I found this was useful.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Add documentation about the extended statistics to the ifstat man page.
Add ifstat man age to the man8 Makefile
Signed-off-by: Nogah Frankel <nogahf@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Add support for extended statistics of SW only type, for counting only the
packets that went via the cpu. (useful for systems with forward
offloading). It reads it from filter type IFLA_STATS_LINK_OFFLOAD_XSTATS
and sub type IFLA_OFFLOAD_XSTATS_CPU_HIT.
It is under the name 'cpu_hits'
(or any shorten of it as 'cpu' or simply 'c')
For example:
ifstat -x c
Signed-off-by: Nogah Frankel <nogahf@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Extended stats are part of the RTM_GETSTATS method. This patch adds them
to ifstat.
While extended stats can come in many forms, we support only the
rtnl_link_stats64 struct for them (which is the 64 bits version of struct
rtnl_link_stats).
We support stats in the main nesting level, or one lower.
The extension can be called by its name or any shorten of it. If there is
more than one matched, the first one will be picked.
To get the extended stats the flag -x <stats type> is used.
Signed-off-by: Nogah Frankel <nogahf@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Reorder the includes in misc/ifstat.c to match convention.
Signed-off-by: Nogah Frankel <nogahf@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
The man page contains two examples, which have different indentation. Fix
the indentation of the two examples to match.
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
This fixes two issues with the provided example:
- Add missing 'dev' keyword to second command.
- Use a real IPv4 address instead of a bogus hex value since that will
be rejected by get_addr_ipv4().
Fixes: dbfb17a67f ("man: tc-csum.8: Add an example")
Reported-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
v2 - update to address changes in 00697ca19a.
When using the tc flower filter, rules marked with "protocol all" do not
actually match all packets. This is due to a bug in f_flower.c that passes
in ETH_P_ALL in the TCA_FLOWER_KEY_ETH_TYPE attribute when adding a rule.
Fix this by omitting TCA_FLOWER_KEY_ETH_TYPE if the protocol is set to
ETH_P_ALL.
Fixes: 488b41d020 ("tc: flower no need to specify the ethertype")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Benjamin LaHaise <benjamin.lahaise@netronome.com>
Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Reviewed-by: Roi Dayan <roid@mellanox.com>
